Finishing Configuration of Access Server
Now that you’ve installed OpenVPN Access Server, what’s next?
Find the URLs for your web server
When you complete the installation process on the command line, you will find the URLs for your admin UI and client UI. If you follow another installation flow, you may see the URL mentioned elsewhere.
What does this mean?
Admin UI
The Admin UI is the web-based GUI for managing your OpenVPN Access Server. We also refer to it as the Admin Web UI. Typically, it is the address of your server with /admin/ appended, for example https://192.168.70.222/admin/.
When you login to the Admin Web UI, this is where you can manage the configuration, certificate, users, and so on as an administrative user. The web-based GUI provides simplified management of complex VPN features rather than having to run Linux-based commands and scripts.
Client UI
The Client UI is the web-based GUI for users to login and download clients or configuration files. Typically, it is the address of your server, https://192.168.70.222 as an example.
When a user logs in here with the credentials as setup in the Admin Web UI, they can download pre-configured Connect Clients for Windows and macOS. There will also be links to the Linux, Android, and iOS client programs. You can also find a configuration profile to import into an already installed client.
NOTE: The web services by default actually run on port TCP 943, so you can visit them at https://192.168.70.222:943/ and https://192.168.70.222:943/admin/ as well. The OpenVPN TCP daemon that runs on TCP port 443 redirects incoming browser requests so that it is slightly easier for users to open the web interface by leaving the :943 part out.
First time logging into Admin Web UI
Administrative User
For the first use of the Admin Web UI, a single administrative user is initially added to the system. However, this user does not have a password set. In order to login, you must first run the following command on your server in order to set that:
passwd openvpn
Once you’ve set your administrative user’s password, you can now open a browser and enter your Admin Web UI address.
Invalid Certificate
OpenVPN Access Server comes with a self-signed certificate. This allows you to login to the Admin Web UI right away and add your own SSL certificate through the GUI, rather than needing to do it using the Linux command line. However, because of this, your browser will give you an error message when you first go to the Admin Web UI or Client UI addresses.
By clicking through to continue to the site, you can continue to the web interface. At the login screen, you can enter the username and password for your ‘openvpn’ user.
Setting up authentication
Authentication with Local, RADIUS, LDAP, or PAM
Once logged in to the Admin Web UI, you can select which authentication system to use: Local, PAM, RADIUS, or LDAP.
The default is Local. Under User Management, you can add users and define their permissions at the user, group, and global level. You can also integrate with an external system using RADIUS or LDAP. For example, you can set up a connection to an LDAP connector to integrate with Windows Server Active Directory.
If you manage a limited number of users, we recommend using the Local authentication. Within the User Permissions screen, you can add/remove users, set passwords, and define access control rules.
Related Documentation
For more information about configuring specific functions, you might find some of these links helpful: